Everyone, everything's a target for mysterious APT28 crew

The Russian cyberespionage group blamed for the infamous US Democratic National Committee email leak launched targeted phishing attacks against French presidential candidate Emmanuel Macron's campaign as recently as last month.

Security researchers at Trend Micro warn that the APT28 crew have also targeted Germany's Christian Democratic Union (the party of Chancellor Angela Merkel).

The group is creating highly sophisticated phishing emails, almost perfectly replicating legitimate URLs and using a technique called "tabnabbing", which swaps inactive open tabs with an illegitimate site. APT28 (AKA Pawn Storm or Fancy Bear) often posed as hacktivists in order to trick media into publishing compromised data, such as email spools.

The hacking crew – widely linked to the Russian military intelligence agency GRU – has been blamed for a string of high-profile attacks including the German Bundestag, French TV station TV5Monde and the World Anti-Doping Agency as well as the DNC during last year's US presidential election.

The group is targeting high-profile users of large-scale email providers such as Google and Yahoo!. A blog post by Trend Micro explaining the history of these attacks and how to defend against spying can be found here. ®